Custom Authentication Type


Let us know by posting here.

Authentication Type Object Access

Accessing an authentication type object is straightforward:

// Get all types
$types = \Concrete\Core\Authentication\AuthenticationType::getList();

// Get a type by handle
$type = \Concrete\Core\Authentication\AuthenticationType::getByHandle($handle);

// Get a type by ID
$type = \Concrete\Core\Authentication\AuthenticationType::getByID($id);

To add an authentication type, ensure controller.php and form.php are present, then use:

// Add an authentication type
$type = \Concrete\Core\Authentication\AuthenticationType::add($handle, $name);

Delete an authentication type with ->delete():

// Delete an authentication type

Enable an installed authentication type programmatically:

if (!$type->isEnabled()) {


Creating an Authentication Type

Create authentication types with controller.php and form.php. Optionally, include type_form.php, hook.php, and other files for more features.

Login Form

For a login form in form.php, POST to /login/authenticate/HANDLE with a CSRF token:

<form method="post" action="<?= URL::to('/login', 'authenticate', $type->getAuthenticationTypeHandle()) ?>">
    Enter password: <input name="password" />
    <button type="submit" class="btn btn-primary">Submit</button>

    <?php Core::make('helper/validation/token')->output('login_' . $type->getAuthenticationTypeHandle()); ?>

Authentication Type Controller

Controllers must extend \Concrete\Core\Authentication\AuthenticationTypeController. They handle login, cookies, icons, and standard actions.

Login and Logout

The controller manages authentication, setting cookies, and user redirection:

public function authenticate()
    $request = $this->app['request'];
    $password = $request->post('password');

    if ($password == $this->getSecretPassword()) {
        $admin = User::getByUserID(1);
    } else {
        $this->set('message', 'Invalid password!');

Forever Cookie

Define a user-specific hash for long-term cookies.


Control the icon display in your controller:

public function getAuthenticationTypeIconHTML()
    return "<i class='fa fa-clock'></i>";

Controller Actions

Implement actions as public methods in the controller. Navigate to /login/type_handle/method_name to trigger them.